Attempting a space export using the remote API as the anonymous user (that is, without logging in) does not work.

It will result in a NullPointerException in 2.8.1 and earlier, and an IllegalArgumentException in 2.8.2 and after.

This can be fixed by removing the IllegalArgumentException thrown by com.atlassian.confluence.security.DownloadGateKeeper#addKey when the user is null. Since we represent the anonymous user with null, I see no reason why addKey should not accept it. The existing situation results in multiple replications of the same logic throughout Confluence, like this:

// If the current user is anonymous, pass it through (CONF-5219)
if (remoteUser == null)
{
    gateKeeper.allowAnonymousAccess(downloadPath);
}
else
{
    gateKeeper.addKey(downloadPath, remoteUser.getName());
}